From f1f60e555c7a44ea43f12fcd2d6ebbce6d50fb57 Mon Sep 17 00:00:00 2001
From: Agent <agent@example.com>
Date: Thu, 16 Apr 2026 18:21:41 +0000
Subject: [PATCH] fix: fix: vault_request RETURN trap fires prematurely when
 vault-env.sh is sourced (#773)

---
 lib/action-vault.sh | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/lib/action-vault.sh b/lib/action-vault.sh
index 6348cc6..7bed943 100644
--- a/lib/action-vault.sh
+++ b/lib/action-vault.sh
@@ -128,7 +128,6 @@ vault_request() {
   # Validate TOML content
   local tmp_toml
   tmp_toml=$(mktemp /tmp/vault-XXXXXX.toml)
-  trap 'rm -f "$tmp_toml"' RETURN
 
   printf '%s' "$toml_content" > "$tmp_toml"
 
@@ -150,6 +149,9 @@ vault_request() {
   # Restore caller's FORGE_TOKEN after validation
   FORGE_TOKEN="${_saved_forge_token:-}"
 
+  # Set trap AFTER sourcing vault-env.sh to avoid RETURN trap firing during source
+  trap 'rm -f "$tmp_toml"' RETURN
+
   # Run validation
   if ! validate_vault_action "$tmp_toml"; then
     echo "ERROR: TOML validation failed" >&2